Waiting for More EHR Privacy Standards

Proposed HITECH Incentive Rules Lack Details for Now
Waiting for More EHR Privacy Standards
When it comes to privacy and security, a preliminary set of proposed requirements for future stages of the HITECH Act electronic health records incentive program is light on details.

To qualify for stage 1 of the HITECH EHR incentive program, which kicked off this month, hospitals and clinics must conduct a risk analysis and take steps to mitigate identified risks. But so far, the Health IT Policy Committee has yet to propose further privacy and security protections for stages 2 and 3.

In a notice listing all its recommendations for stage 2 and 3, the committee only states that additional protections are under consideration by the committee's Privacy and Security Tiger Team.

One new recommendation for Stage 2 and 3, however, calls for physicians to use online secure patient messaging as a way to engage patients and families in their care.

The committee soon will begin accepting comments on its recommendations, which are due Feb. 25. Then it will hold a series of public meetings in the spring to fine-tune its proposals, which ultimately will be reviewed by the Department of Health and Human Services. Requirements for Stage 2 are due by the end of this year.

Health Information Exchange

Last year, the tiger team endorsed detailed recommendations for how and when to obtain patient consent for the exchange of their electronic health records.

It also recommended that all organizations involved in any type of health information exchange should be required to have digital certificates to authenticate their identities. The Health IT Policy Committee accepted these recommendations, but HHS has not taken any action on them.

The tiger team now is working on identifying how best to match patients to the right electronic health records when information is exchanged among organizations.

Meanwhile, a new workgroup of the HIT Policy Committee is reviewing a presidential council's EHR interoperability proposal that calls for requiring the use of a new universal exchange language based on XML for future stages of the EHR incentive program.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.